Urjit

Posted on • Originally published at urjit.me on

Browser Fingerprinting: How It Can Rob Your Privacy

Browser fingerprinting isn't exactly a new topic. However, a lot of people still don't understand that no matter how many precautions they take, there will always be ways for companies, especially data collection agencies, to detect exactly who you are in a dataset based on your browser fingerprint alone.

No matter how hard you try to stop detection, whether you use incognito or private modes or even VPNs, none of it matters.

Why should I care?

In 2013 Edward Snowden's leaks proved how the government was collecting data on millions of people. This is just one government from one nation. Now imagine all the regimes and dictatorships that don't care at all and wish to retain power from the people. How do you think they would use information related to you to silence you or to profile you?

Oftentimes the most common rebuttal I've heard is something along the lines of:

If you have nothing to hide why are you afraid of the government?

Mass surveillance is one of the easiest ways of indoctrination. If you have any ideology that opposes the ruling government or the regime even slightly, it could have horrible repercussions for you. This has been a very common theme in the CCP-led Chinese government for the majority of the years and is slowly making its way to India as well.

Even if your ideology aligns with that of the ruling government or regime, it won't stop them from using this data to rob you of your freedom and rights down the line.

Okay, but I have a VPN. I'm good!

Gone are the days when all you needed to gain privacy was a VPN. Whenever you load any website, go through the network log with a proxy tool such as Fiddler, or just use the network logger in your developer tools. Almost every single ad company and analytics system looks for your browser details first. It's very easy to work out where you live even if you have a VPN, using something like a WebRTC leak. This leaks your original IP address even if you're using a VPN.

Don't trust me? Have a look here https://browserleaks.com/webrtc.
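
One way to check your own browser for the leak described above (an added example, not code from the original post): collect the ICE candidate strings your browser's `RTCPeerConnection` emits and audit them offline. The sample candidates, the `vpnExitIp` parameter and all function names are constructed for illustration, and only IPv4 addresses are classified.

```javascript
// Constructed ICE candidate lines using documentation address ranges.
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 2122194687 3f6c2a1e-8f4b-4c1d-9a77-2b0e5d1c9f10.local 54322 typ host",
  "candidate:3 1 udp 1686052607 203.0.113.77 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "candidate:4 1 udp 1686052607 198.51.100.9 40000 typ srflx raddr 10.8.0.2 rport 40000",
];

// Parse "candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>".
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line);
  if (!m) return null; // not a candidate line
  return { transport: m[3].toLowerCase(), address: m[5], port: Number(m[6]), type: m[7] };
}

// mDNS names (*.local) hide the local address; RFC 1918 ranges are private.
function classifyAddress(address) {
  if (address.endsWith(".local")) return "mdns";
  if (/^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/.test(address)) return "private";
  return "public"; // IPv4 only; IPv6 is not handled in this example
}

// Flag every candidate that reveals something other than the VPN exit address.
function auditCandidates(lines, vpnExitIp) {
  return lines
    .map(parseCandidate)
    .filter(Boolean)
    .map((c) => {
      const kind = classifyAddress(c.address);
      let finding = "ok";
      if (kind === "private") finding = "local-address-exposed";
      else if (kind === "public" && c.address !== vpnExitIp) finding = "public-address-outside-vpn";
      return { ...c, kind, finding };
    });
}

// 198.51.100.9 plays the role of the VPN exit address in this constructed run.
for (const f of auditCandidates(SAMPLE_CANDIDATES, "198.51.100.9")) {
  console.log(f.type.padEnd(6), f.address.padEnd(44), f.finding);
}
```

Any `public-address-outside-vpn` finding means WebRTC traffic is bypassing the tunnel, which is the case to fix in the browser or VPN client settings.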

There are many different detection endpoints that are chained together to create a unique profile that can pinpoint you. Here are some of them.

  • Number of extensions
  • Do you have extensions enabled?
  • Do you have sound?
  • What is your canvas fingerprint?
  • Are you using a canvas fingerprint blocker?
  • What is your Audio Context fingerprint?
  • Are you using an Audio Context blocker?
  • What is your WebGL Browser Report fingerprint?
  • Are you using a WebGL Browser Report blocker?

Websites and organizations can use any or all of these methods to track you. You might have noticed that using fingerprint blockers is in reality an even bigger tracking point.

Let's say there are 100 people who use Chrome. Your user-agent suggests you're using Chrome. Out of these 100 people, only 1 person is using an Audio Context fingerprint blocker.

How difficult do you think it is now to track you, combined with a network of other parameters?
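
The 100-person scenario above, worked through as an added example (not from the original post): it measures how the crowd you hide in shrinks as each attribute is observed, and compares the blocker user with an otherwise identical visitor. The population, attribute names and values are constructed assumptions.

```javascript
// Constructed population of 100 Chrome visitors; attribute names and values
// are assumptions for this example. Exactly one visitor runs an audio blocker.
function buildPopulation() {
  const timezones = ["UTC-5", "UTC+1", "UTC+5:30", "UTC+8"];
  return Array.from({ length: 100 }, (_, i) => ({
    userAgent: "Chrome",
    timezone: timezones[i % timezones.length],
    extensionCount: i % 5,
    audioBlocker: i === 42,
  }));
}

// Everyone who shares the target's value for every observed attribute.
function anonymitySet(population, target, attributes) {
  return population.filter((v) => attributes.every((a) => v[a] === target[a]));
}

// Bits of identifying information carried by the observed attributes:
// log2(population / anonymity-set size). 0 bits = indistinguishable.
function identifyingBits(population, target, attributes) {
  const size = anonymitySet(population, target, attributes).length;
  return Math.log2(population.length / size);
}

// Add one attribute at a time and record how far the crowd shrinks.
function shrinkReport(population, target, attributes) {
  return attributes.map((_, i) => {
    const seen = attributes.slice(0, i + 1);
    return {
      seen: seen.join("+"),
      setSize: anonymitySet(population, target, seen).length,
      bits: Number(identifyingBits(population, target, seen).toFixed(2)),
    };
  });
}

const population = buildPopulation();
const ATTRS = ["userAgent", "timezone", "extensionCount", "audioBlocker"];
console.table(shrinkReport(population, population[42], ATTRS)); // the blocker user
console.table(shrinkReport(population, population[2], ATTRS)); // same setup, no blocker
```

The blocker user ends in a set of one, while the visitor with the same timezone and extension count but no blocker still shares a fingerprint with three others.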

How do agencies use my private data?

Data agencies get paid to do a job, and that job is to figure out who you really are. There is a reason why data scientists are some of the highest-paid tech professionals. Where there is money, there will be people who are willing to one-up one another to gain market share.

If you were to start a data analytics agency to provide data to an advertising agency, how would you be able to outcompete your competition? Performance marketing is another sector where your privacy is the currency. The more data about you is available, the more money they make. I wouldn't worry about the making money part. What's more worrying is that your data is processed, because it can be used to manipulate you into doing things that you otherwise wouldn't.

One of the biggest examples and a huge scandal would be the Cambridge Analytica situation. It took an internal leak by an ex-worker at the company to reveal the insane amounts of data that had been collected. This company also promised political agents mass manipulative data that could be used for nefarious gains.

What is an audio context fingerprint?

Audio context fingerprinting is a new parameter of tracking. Most modern browsers have the Audio Context API; you can read more about it here.

This API can be used to create a waveform in the background. Every system has some differences that are always unique, such as differences in audio drivers or CPU and machine configurations, and these lead to a very minute difference in the oscillation of the Audio Context waveform. This fingerprint can be generated even if you set your volume to zero.

What is a canvas fingerprint?

Canvas fingerprinting is when the website that's tracking you draws shapes and elements in its HTML canvas in the background. This spits out information about the fonts available, render time and a variety of variables that are often a point of separation between two visitors on a website.

This tracking parameter uses the CanvasRenderingContext2D interface, which is part of the Canvas API, which is in turn part of WebGL (Web Graphics Library), a JavaScript API for rendering 3D and 2D graphics.

Further reading:

https://www.cs.princeton.edu/~arvindn/publications/OpenWPM_1_million_site_tracking_measurement.pdf

What can I do?

Spoof, spoof and spoof. All of the parameters mentioned above can be spoofed. It can be a bit complicated, since the source code for Chromium is massive and it can take hours just to compile the damn thing. However, it is possible. Just keep in mind that if you create your own custom fingerprint, you shouldn't change it midway until you dispose of the browser.

This is because no human is suddenly going to change their fingerprint while browsing a website. This is a massive red flag for a system that thought your browser was unique.

None of this has to be reserved only for skilled developers, which is why I'm working on developing a tool that addresses this issue. It's free for all and will be released under AGPLv3 as always.
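
The consistency rule above as an added example (not the author's tool or code): noise derived from one per-profile seed keeps every canvas readout identical, while fresh noise on each readout is exactly the mid-session change a tracker flags. The pixel buffer, seed values and function names are constructed, and FNV-1a stands in for whatever hash a tracker uses.

```javascript
// Seeded PRNG (mulberry32): the same seed always produces the same noise.
function mulberry32(seed) {
  let a = seed | 0;
  return () => {
    a = (a + 0x6d2b79f5) | 0;
    let t = Math.imul(a ^ (a >>> 15), 1 | a);
    t = (t + Math.imul(t ^ (t >>> 7), 61 | t)) ^ t;
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// FNV-1a hash of a readout; stands in for the tracker's fingerprint hash.
function fnv1a(bytes) {
  let h = 0x811c9dc5;
  for (const b of bytes) h = Math.imul(h ^ b, 0x01000193) >>> 0;
  return h.toString(16).padStart(8, "0");
}

// Spoofed canvas readout: flip the low bit of pixels picked by the seeded PRNG.
function spoofReadout(pixels, seed) {
  const rand = mulberry32(seed);
  return pixels.map((p) => (rand() < 0.5 ? p ^ 1 : p));
}

// Hashes of n readouts in one session; seedFor(i) chooses the seed of readout i.
function sessionHashes(pixels, n, seedFor) {
  return Array.from({ length: n }, (_, i) => fnv1a(spoofReadout(pixels, seedFor(i))));
}

// Tracker-side check: more than one hash from the same session is the red flag.
function changedMidSession(hashes) {
  return new Set(hashes).size > 1;
}

// Constructed 64-byte stand-in for canvas pixel data.
const PIXELS = Uint8ClampedArray.from({ length: 64 }, (_, i) => (i * 37) % 256);
const PROFILE_SEED = 1337; // constructed; fixed when the browser profile is created

// Stable: one seed for the life of the profile.
const stable = sessionHashes(PIXELS, 5, () => PROFILE_SEED);
// Unstable: a new seed per readout (the counter stands in for fresh randomness).
const unstable = sessionHashes(PIXELS, 5, (i) => PROFILE_SEED + 1 + i);

console.log("stable flagged:", changedMidSession(stable));
console.log("unstable flagged:", changedMidSession(unstable));
```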
